From 1aca4018133493ad1049693efe3a896a36e3c4e4 Mon Sep 17 00:00:00 2001
From: Tim Hockin <thockin@google.com>
Date: Fri, 28 Aug 2015 22:32:30 -0700
Subject: [PATCH] Don't name 'eth0' in MASQUERADE rule

This causes endless loops of adding duplicate rules on machines without "eth0".
---
 pkg/kubelet/container_bridge.go | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/pkg/kubelet/container_bridge.go b/pkg/kubelet/container_bridge.go
index d37497d12f9..7b5377a283f 100644
--- a/pkg/kubelet/container_bridge.go
+++ b/pkg/kubelet/container_bridge.go
@@ -121,13 +121,23 @@ func cbr0CidrCorrect(wantCIDR *net.IPNet) bool {
 // TODO(dawnchen): Using pkg/util/iptables
 func ensureIPTablesMasqRule() error {
 	// Check if the MASQUERADE rule exist or not
-	if err := exec.Command("iptables", "-t", "nat", "-C", "POSTROUTING", "-o", "eth0", "-j", "MASQUERADE", "!", "-d", "10.0.0.0/8").Run(); err == nil {
+	if err := exec.Command("iptables",
+		"-t", "nat",
+		"-C", "POSTROUTING",
+		"!", "-d", "10.0.0.0/8",
+		"-m", "addrtype", "!", "--dst-type", "LOCAL",
+		"-j", "MASQUERADE").Run(); err == nil {
 		// The MASQUERADE rule exists
 		return nil
 	}
 
 	glog.Infof("MASQUERADE rule doesn't exist, recreate it")
-	if err := exec.Command("iptables", "-t", "nat", "-A", "POSTROUTING", "-o", "eth0", "-j", "MASQUERADE", "!", "-d", "10.0.0.0/8").Run(); err != nil {
+	if err := exec.Command("iptables",
+		"-t", "nat",
+		"-A", "POSTROUTING",
+		"!", "-d", "10.0.0.0/8",
+		"-m", "addrtype", "!", "--dst-type", "LOCAL",
+		"-j", "MASQUERADE").Run(); err != nil {
 		return err
 	}
 	return nil